PoC Week 2024-04-28

Posted on Apr 28, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-3400

  • Severity: 10.0 CRITICAL
  • Impacted Products: Palo Alto Networks PAN-OS, specifically versions 10.2.0, 11.0.0, and 11.1.0
  • Description: The vulnerability is a command injection flaw in the GlobalProtect feature of PAN-OS, allowing an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Notably, Cloud NGFW, Panorama appliances, and Prisma Access are not affected.
  • Remediation: Users are advised to apply mitigations as per vendor instructions when available. For vulnerable versions, enable the vendor's Threat Prevention IDs or disable device telemetry until patches are applied.
  • More Info: CVE-2024-3400 on NVD
  • PoC: https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/

CVE-2024-4040

  • Severity: 10.0 CRITICAL
  • Impacted Products: CrushFTP versions before 10.7.1 and before 11.1.0, on all platforms
  • Description: CVE-2024-4040 is a critical server-side template injection vulnerability in CrushFTP, allowing unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication, and perform remote code execution.
  • Remediation: Update CrushFTP to version 10.7.1 or 11.1.0 to mitigate this vulnerability.
  • More Info: CVE-2024-4040 on NVD
  • PoC: https://github.com/rbih-boulanouar/CVE-2024-4040/tree/main

CVE-2024-2389

  • Severity: 10.0 CRITICAL
  • Impacted Products: Flowmon versions 11.x prior to 11.1.14 and 12.x prior to 12.3.5
  • Description: This vulnerability is an operating system command injection flaw identified in certain versions of Flowmon. An unauthenticated user can exploit this via the Flowmon management interface to execute arbitrary system commands.
  • Remediation: Users should update to Flowmon version 11.1.14 or 12.3.5 to address this vulnerability.
  • More Info: CVE-2024-2389 on NVD
  • PoC: https://github.com/adhikara13/CVE-2024-2389

CVE-2024-21511

  • Severity: Currently under analysis
  • Impacted Products: Versions of the package mysql2 before 3.9.7
  • Description: CVE-2024-21511 is an arbitrary code injection vulnerability in mysql2 caused by improper sanitization of the timezone parameter in the readCodeFor function. The unsanitized value reaches a call to a native MySQL Server date/time function, which can lead to arbitrary code execution.
  • Remediation: Update the mysql2 package to version 3.9.7 or later.
  • More Info: CVE-2024-21511 on NVD
  • PoC: https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6670046

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recommendations), feel free to get in touch.